The EU’s General Data Protection Regulation, or GDPR, is the most stringent and complex privacy mandate in the world to date. Severe penalties will ensue if companies are found to be in major violation of the law. The greatest challenge lies in gaining control over unstructured data that has no internal compliance measures or management function.
While 58% of U.S. and 62% of German respondents to a recent survey believe their companies will be fined due to issues with non-compliance, 87% of CIOs believe their current policies leave them at risk of being exposed under GDPR.
Not surprisingly, 80% of all business-related data is considered unstructured, making it increasingly difficult for companies, especially larger ones, to ensure compliance of data sources, endpoints, emails, servers, and users, and to meet the deadline for compliance.
If you are one of those companies that must comply with the GDPR, you will need to archive all of your data in a way that creates a single searchable pool of high-value unstructured information and provides a solid foundation for information governance.
Therefore, a structured data governance mechanism would give you the visibility and control you need to meet a variety of GDPR obligations.
Here’s how to establish one:
#1 Gain a cross-departmental view of where personal data resides
Understand where all the personal data lives across your enterprise. This allows you to optimize access controls, consolidate where possible, and prioritize security efforts.
#2 Rapid response to data subject requests
Employ proactive preservation to minimize or eliminate ad-hoc enterprise crawling and piecemeal collections, and accelerate discovery, production, and erasure of personal information.
#3 Automate retention policy enforcement
Automate the removal of outdated data from endpoints, email, data center sources, and your backup and archival copies to ensure enforcement of retention periods.
#4 Facilitate data security and privacy enforcement
Detect data leakage quickly, thus minimizing the need to crawl systems and endpoints. Remove sensitive data from unauthorized locations. Add a layer of protection against ransomware. Provide a quick, alternate way to assess exposure in the event of a compromise to give legal stakeholders a leg up on breach notification planning.
#5 Resilience and availability
Ensure faster recovery in the wake of an incident. Restore to any on-premises or cloud location, and even write to multiple locations at once.
The GDPR is serious business and may mean a lot of work to ensure compliance. However, the work is worth it to gain operational efficiency, optimize litigation readiness, streamline governance, and avoid those hefty fines.